Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

OpenLdap, Pam & nss

16 views
Skip to first unread message

Ze Mask

unread,
Feb 14, 2005, 10:40:21 AM2/14/05
to
Hello,
I'm working on Openldap for a few days and i'm trying to authenticate
unix users via ldap, pam & nss.

After long research, I don't have really understood the exact function
of these different tools and files (Of course, I know that they are used
to authenticate via ldap...) :

pam_ldap : does it use pam_ldap.conf or /etc/ldap/ldap.conf ?

libnss_ldap : when it is used and for what ? does it use the
libnss_ldap.conf or the ldap.conf ?

I ask these questions because of i've red a lot of tutorials and no one
exactly answers to these questions.

Another problem :
I've used this tutorial :
http://www.idealx.org/prj/samba/smbldap-howto.fr.html

With this, I succeed in creating users and i can log with them, even if
their are only declared in the ldap directory (which is quiet normal).
But on localhost only.

While trying to log with ssh, i've got this error in auth.log :
Feb 14 16:35:15 www sshd[1160]: error: PAM: Authentication failure for
illegal user timmy from www
Feb 14 16:35:15 www sshd[1160]: Failed keyboard-interactive/pam for
illegal user timmy from 192.168.0.3 port 36995 ssh2


Someone can help me ?

Thx a lot

Max

Tim Stegmann

unread,
Feb 14, 2005, 3:52:03 PM2/14/05
to
Ze Mask wrote:
> Hello,
> I'm working on Openldap for a few days and i'm trying to authenticate
> unix users via ldap, pam & nss.
>
<snip>

> Someone can help me ?
>
> Thx a lot
>
> Max

Which Distribution are you using? Which OpenLDAP version?


--

Ze Mask

unread,
Feb 15, 2005, 6:10:23 AM2/15/05
to
I'm using OpenLDAP v2.2.23 on a Linux Debian with kernel 2.6.10.

Tim Stegmann

unread,
Feb 15, 2005, 9:46:12 AM2/15/05
to
Ze Mask wrote:
> Hello,
> I'm working on Openldap for a few days and i'm trying to authenticate
> unix users via ldap, pam & nss.
>
<snip>

>
> While trying to log with ssh, i've got this error in auth.log :
> Feb 14 16:35:15 www sshd[1160]: error: PAM: Authentication failure for
> illegal user timmy from www
> Feb 14 16:35:15 www sshd[1160]: Failed keyboard-interactive/pam for
> illegal user timmy from 192.168.0.3 port 36995 ssh2
>
>
> Someone can help me ?
>
> Thx a lot
>
> Max


What about users who are not stored in the DIT but in passwd file? Can
they log in? Maybe you don't have a problem with your slapd
configuration but with your sshd config.

Tim

--

Dieu

unread,
Feb 15, 2005, 6:37:02 AM2/15/05
to
Wrong, I think Debian is not PAMized.

BTW you could read www.linuxchange.com it's all you want, site is most on
spanish.

D

0 new messages